Arch Linux Security Advisory ASA-201801-12
==========================================

Severity: Medium
Date    : 2018-01-16
CVE-ID  : CVE-2018-5205 CVE-2018-5206 CVE-2018-5207 CVE-2018-5208
Package : irssi
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-575

Summary
=======

The package irssi before version 1.0.6-1 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 1.0.6-1.

# pacman -Syu "irssi>=1.0.6-1"

The problems have been fixed upstream in version 1.0.6.

Workaround
==========

None.

Description
===========

- CVE-2018-5205 (denial of service)

When using incomplete escape codes, irssi before 1.0.6 may access data
beyond the end of the string.

- CVE-2018-5206 (denial of service)

When the channel topic is set without specifying a sender, irssi before
1.0.6 may dereference a NULL pointer.

- CVE-2018-5207 (denial of service)

When using an incomplete variable argument, irssi before 1.0.6 may
access data beyond the end of the string.

- CVE-2018-5208 (denial of service)

In Irssi before 1.0.6 a calculation error in the completion code could
cause a heap buffer overflow when completing certain strings.

Impact
======

A remote attacker is able to crash the application via a malicious
server or by tricking a user to use malicious commands.

References
==========

http://www.openwall.com/lists/oss-security/2018/01/06/2
https://irssi.org/security/irssi_sa_2018_01.txt
https://github.com/irssi/irssi/commit/7a83c63701b7395ee6cc606905314318eef77971
https://github.com/irssi/irssi/commit/54d453623d879ea83d0818a80bd14151192953ec
https://github.com/irssi/irssi/commit/cc17837a9b326ec9100a35981348fa0f5d6316fa
https://github.com/irssi/irssi/commit/2361d4b1e5d38701f35146219ceddd318ac4e645
https://security.archlinux.org/CVE-2018-5205
https://security.archlinux.org/CVE-2018-5206
https://security.archlinux.org/CVE-2018-5207
https://security.archlinux.org/CVE-2018-5208